CHAPTER 3 USING THE DRUPAL (Web hosting unlimited bandwidth) CORE MODULES
CHAPTER 3 USING THE DRUPAL CORE MODULES Drupal Module Drupal offers a system of distributed authentication that allows people to use the same username and password at multiple sites. The sites communicate with each other to check authentication credentials and to decide whether a username and password combination should be allowed or denied. This is called distributed authentication. If you want your site to have this feature, you need to enable the Drupal module. The Drupal module also lets you run Drupal as a directory server that receives ping notification from other Drupal sites, creating a listing of sites. Note At the time this was written, a lively debate was unfolding on Drupal.org about the future of the Drupal module (http://drupal.org/node/31716). It is worth checking up on this thread to see where the issue stands. Using Distributed Authentication Drupal distributed authentication is a way to save site users the extra steps of creating redundant accounts on multiple sites. With distributed authentication, users can register on one site, and then use an extended version of their login information to log in to any site that supports Drupal distributed authentication. This is not only convenient for users, but it s also useful in situations where sites want to maintain a shared user base but not a shared database. When logging in to a Drupal site using distributed authentication, your username takes on an extended form that includes the site that is expected to do the actual authenticating. The extended username takes the form username@www.domain.com. For example, if Bob is a registered user at www.bobs-site.orgwith the username bob, his extended username is bob@www.bobs-site.org, and his password remains unchanged. When Bob uses this extended username to log in to another Drupal-powered site, that site will send a request to Bob s original site, www.bobs-site.com, and ask it if a user bob with the password that he entered should be authenticated. You should be aware that the current implementation of distributed authentication raises some security concerns. Someone could alter the code of her site to save a record of the passwords of users who log in. This is true of any web site you visit, not just Drupal. As long as the username and password only buys access to just that site, there is little incentive to do this. If, however, it would allow the malicious person to log in to other sites as well in this case, any Drupal site that has the Drupal module enabled the incentive is greater, and so is the potential loss or damage. The attacker would be able to masquerade on those sites using your user identity and execute actions on your behalf. Caution Drupal s distributed authentication is inherently insecure. If you do not know that you can trust the owner(s) of a particular site, never use your distributed authentication (Drupal ID) to log in to it.
Note: If you are looking for reliable webhost to maintain and run your java application check Vision java hosting services